Espressif ESP-IDF 4.3

CPE Details

Espressif ESP-IDF 4.3
espressif
esp-idf
4.3
2021-07-29
14h48 +00:00
2021-07-29
16h27 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:espressif:esp-idf:4.3:-:*:*:*:*:*:*

Informations

Vendor

espressif

Product

esp-idf

Version

4.3

Update

-

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-28139 2021-09-07 04h27 +00:00 The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly restrict the Feature Page upon reception of an LMP Feature Response Extended packet, allowing attackers in radio range to trigger arbitrary code execution in ESP32 via a crafted Extended Features bitfield payload.
8.8
High
CVE-2021-28135 2021-09-07 03h56 +00:00 The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (crash) in ESP32 by flooding the target device with LMP Feature Response data.
6.5
Medium
CVE-2021-28136 2021-09-07 03h52 +00:00 The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of multiple LMP IO Capability Request packets during the pairing process, allowing attackers in radio range to trigger memory corruption (and consequently a crash) in ESP32 via a replayed (duplicated) LMP packet.
6.5
Medium